From 7bcb196188e67743ece330d8be15ca04b3c8164a Mon Sep 17 00:00:00 2001 From: Janek Mangold Date: Tue, 7 Jul 2026 14:24:59 +0200 Subject: [PATCH 1/3] feat: add SBOM CI component --- django/{{ cookiecutter.project_slug }}/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/django/{{ cookiecutter.project_slug }}/.gitlab-ci.yml b/django/{{ cookiecutter.project_slug }}/.gitlab-ci.yml index a1c46ff..a298b1b 100644 --- a/django/{{ cookiecutter.project_slug }}/.gitlab-ci.yml +++ b/django/{{ cookiecutter.project_slug }}/.gitlab-ci.yml @@ -6,6 +6,7 @@ stages: include: - local: .gitlab/ci/*.gitlab-ci.yml - component: singular-code.de/singularit/ci-components/utilities/size/all@1.2.0 + - component: $CI_SERVER_FQDN/singularit/ci-components/security/dependency-audit/sbom@0.3.6 variables: POSTGRES_HOST_AUTH_METHOD: trust From 8a2aa1f5f3f0002c1e4b10959a5cfdeb7c9c0396 Mon Sep 17 00:00:00 2001 From: Janek Mangold Date: Tue, 7 Jul 2026 15:48:29 +0200 Subject: [PATCH 2/3] feat: update README with GitLab CI/CD details and local testing instructions for templates --- README.md | 23 +++++++++++- .../{{ cookiecutter.project_slug }}/README.md | 37 +++++++++++++++++++ 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6711a4f..336598e 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ ## Prerequisites -- [cookiecutter](https://cookiecutter.readthedocs.io/en/latest/installation.html) installed +- [cookiecutter](https://cookiecutter.readthedocs.io/en/latest/installation.html) or [uv](https://docs.astral.sh/uv/getting-started/installation/) installed ## Django template @@ -15,6 +15,8 @@ 2. Run the following command to create a new Django project using the newest template version: ```shell cookiecutter https://github.com/singularit-de/cc-python.git --directory django + # or + uvx cookiecutter https://github.com/singularit-de/cc-python.git --directory django ``` 1. If you want to use a specific version/branch you can use the `--checkout ` option: @@ -24,7 +26,24 @@ ## Why we are using templates -## Contribute to this repository +## Testing template updates locally + +If you contribute to the template you mostly want to test your changes locally before pushing them to the remote repository to see that everything works as expected. + + +1. Go into the top-level directory where your "cc-python" repository lives: + + ```shell + cd /path/to/the/cc-python/top-level-directory + ``` + +2. Run the following command to create a new Django project using the local template version: + + ```shell + cookiecutter cc-python --directory django + # or + uvx cookiecutter cc-python --directory django + ``` ### Tech stack of this repository diff --git a/django/{{ cookiecutter.project_slug }}/README.md b/django/{{ cookiecutter.project_slug }}/README.md index b20dad6..9cf69d1 100644 --- a/django/{{ cookiecutter.project_slug }}/README.md +++ b/django/{{ cookiecutter.project_slug }}/README.md @@ -87,3 +87,40 @@ ```bash pre-commit install ``` + +## Gitlab CI/CD + +### Dependency Track + +The uv.lock file is used to track vulnerabilities in dependencies. +Every push to a protected branch or a created tag will trigger an update of the Dependency Track Dashboard. +You can view the Dependency Track Dashboard [here](https://dependency-track.v3.singular-it-test.de/). + +### Stages + +#### Lint + +In the lint stage we are running `pre-commit'` that checks for code formatting and linting issues. + +When? Each push to a protected branch or a branch that has an open pull request to a protected branch. + +#### Test + +Our test stage has 3 jobs: + +1. `django-test` - runs the django unit tests +2. `deploy-check` - runs the django deployment check for security issues +3. `sbom:uv:prod` - generates a Software Bill of Materials (SBOM) for the Dependency Track Dashboard. There is a separate .post stage where the SBOM is uploaded to the Dependency Track Dashboard. + +When? Each push to a protected branch or a branch that has an open pull request to a protected branch. + +#### Deploy + +In the deploy stage we are deploying to our v2 staging server. + +When? Each push to a protected branch or a branch that has an open pull request to a protected branch. + staging server. + +#### .post + +In the .post stage we are uploading the SBOM to the Dependency Track Dashboard. From 020423daaf75b73353ebde1243f347293d671401 Mon Sep 17 00:00:00 2001 From: Janek Mangold Date: Fri, 10 Jul 2026 10:32:38 +0200 Subject: [PATCH 3/3] feat: rename project to cc-python and update GitLab CI/CD documentation --- README.md | 12 +++++- .../{{ cookiecutter.project_slug }}/README.md | 38 ++++++++++--------- pyproject.toml | 2 +- uv.lock | 2 +- 4 files changed, 33 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 336598e..85cec16 100644 --- a/README.md +++ b/README.md @@ -15,8 +15,8 @@ 2. Run the following command to create a new Django project using the newest template version: ```shell cookiecutter https://github.com/singularit-de/cc-python.git --directory django - # or - uvx cookiecutter https://github.com/singularit-de/cc-python.git --directory django + # or + uvx cookiecutter https://github.com/singularit-de/cc-python.git --directory django ``` 1. If you want to use a specific version/branch you can use the `--checkout ` option: @@ -26,6 +26,14 @@ ## Why we are using templates +Cookiecutter templates ensure consistency, standardization, and best practices across all Python projects at singularIT. They: + +- **Reduce setup time** by automating project initialization and boilerplate configuration +- **Enforce conventions** with a standardized directory structure, naming patterns, and tooling (ruff, pre-commit, etc.) +- **Ensure quality** by baking in linting, formatting, and testing configurations from the start +- **Simplify maintenance** by allowing template updates to benefit all projects using them +- **Enable team alignment** on development practices and technology choices + ## Testing template updates locally If you contribute to the template you mostly want to test your changes locally before pushing them to the remote repository to see that everything works as expected. diff --git a/django/{{ cookiecutter.project_slug }}/README.md b/django/{{ cookiecutter.project_slug }}/README.md index 9cf69d1..5acff68 100644 --- a/django/{{ cookiecutter.project_slug }}/README.md +++ b/django/{{ cookiecutter.project_slug }}/README.md @@ -88,39 +88,43 @@ pre-commit install ``` -## Gitlab CI/CD +## GitLab CI/CD + +GitLab CI/CD is a continuous integration and continuous deployment service built into GitLab. It automates tasks like testing, building, and deploying code on every push or merge request. Pipelines are defined in a `.gitlab-ci.yml` file at the repository root. Additional configuration can be modularized in the `.gitlab` folder for better organization: + +``` +.gitlab/ + ├── ci/ + │ ├── lint.yml + │ ├── test.yml + │ └── deploy.yml +.gitlab-ci.yml +``` ### Dependency Track -The uv.lock file is used to track vulnerabilities in dependencies. -Every push to a protected branch or a created tag will trigger an update of the Dependency Track Dashboard. -You can view the Dependency Track Dashboard [here](https://dependency-track.v3.singular-it-test.de/). +To track vulnerabilities in dependencies we are using our Dependency Track Dashboard. The dashboard is updated with every push to the default branch or a created tag. +The dashboard is updated with the help of the `uv.lock` file that is generated by uv. +You can view our Dependency Track Dashboard [here](https://dependency-track.v3.singular-it-test.de/). ### Stages #### Lint -In the lint stage we are running `pre-commit'` that checks for code formatting and linting issues. +In the lint stage we are running `pre-commit` that checks for code formatting and linting issues. -When? Each push to a protected branch or a branch that has an open pull request to a protected branch. +When? Each push to a protected branch or a branch that has an open merge request to a protected branch. #### Test -Our test stage has 3 jobs: +In general our test stage has 2 jobs: 1. `django-test` - runs the django unit tests 2. `deploy-check` - runs the django deployment check for security issues -3. `sbom:uv:prod` - generates a Software Bill of Materials (SBOM) for the Dependency Track Dashboard. There is a separate .post stage where the SBOM is uploaded to the Dependency Track Dashboard. - -When? Each push to a protected branch or a branch that has an open pull request to a protected branch. - -#### Deploy -In the deploy stage we are deploying to our v2 staging server. +When? Each push to a protected branch or a branch that has an open merge request to a protected branch. -When? Each push to a protected branch or a branch that has an open pull request to a protected branch. - staging server. -#### .post +#### Deployment to our v2 staging server -In the .post stage we are uploading the SBOM to the Dependency Track Dashboard. +When? Each push to a protected branch. diff --git a/pyproject.toml b/pyproject.toml index 82db7e6..6864282 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,5 +1,5 @@ [project] -name = "cc-django" +name = "cc-python" version = "0.1.0" description = "Cookiecutters for python projects @singularIT" requires-python = ">=3.12" diff --git a/uv.lock b/uv.lock index d109c61..16972c9 100644 --- a/uv.lock +++ b/uv.lock @@ -28,7 +28,7 @@ wheels = [ ] [[package]] -name = "cc-django" +name = "cc-python" version = "0.1.0" source = { virtual = "." } dependencies = [